From 1dea9cfc5d10002c773a0efc5234cbc24fe1fe9f Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Sun, 30 Jun 2019 20:51:17 +0000 Subject: Update wording in templates (#2815) * Change wording in redirect_alias-profile.template * Change wording in profile.template * Update wording in redirect_alias-profile.template --- etc/templates/profile.template | 18 +++++++++--------- etc/templates/redirect_alias-profile.template | 25 +++++++++++++------------ 2 files changed, 22 insertions(+), 21 deletions(-) diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 7ea2853c1..2fc5c3ef1 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template @@ -3,16 +3,16 @@ # This file is overwritten after every install/update # --- CUT HERE --- # This is a generic template to help you with creation of profiles -# for new programs. PRs welcome at https://github.com/netblue30/firejail/ +# for new programs. PRs welcome at https://github.com/netblue30/firejail/. # # Rules to follow: # - lines with one # are often used in profiles # - lines with two ## are only needed in special situations # - make the profile as restrictive as possible while still keeping the program useful -# (e. g. a program that is unable to save user's work is considered a bad practice) -# - dedicate some time (based on how complex the application is) to profile testing before raising +# (e. g. a program that is unable to save user's work is considered bad practice) +# - dedicate some time (based on the complexity of the application) to profile testing before raising # a pull request -# - keep the sections structure, use a single empty line as a separator +# - keep the sections structure, use a single empty line as separator # - entries within sections are alphabetically sorted # - consider putting binary into src/firecfg/firecfg.config (keep list sorted) but beware # to not do this for essential utilities as this may *break* your OS! (related discussion: @@ -66,8 +66,8 @@ include globals.local # One way to retrieve the files a program uses is: # - launch binary with --private naming a sandbox # `firejail --name=test --ignore=private-bin [--profile=PROFILE] --private BINARY` -# - work with the program, do some configuration changes and save them, open new documents, -# install plugins if they exists, etc +# - work with the program, make some configuration changes and save them, open new documents, +# install plugins if they exists, etc. # - join the sandbox with bash: # `firejail --join=test bash` # - look what has changed and use that information to populate blacklist and whitelist sections @@ -128,14 +128,14 @@ include globals.local #notv #nou2f #novideo -# Remove every not needed protocol +# Remove each unneeded protocol: # - unix is usually needed -# - inet,inet6 only if internet access is requiered (see 'net none'/'netfilter' above) +# - inet,inet6 only if internet access is required (see 'net none'/'netfilter' above) # - netlink is rarely needed # - packet almost never #protocol unix,inet,inet6,netlink,packet #seccomp -##seccomp.drop SYSCALLS (see also syscalls.txt) +##seccomp.drop SYSCALLS (see syscalls.txt) #shell none #tracelog # Prefer 'x11 none' instead of 'blacklist /tmp/.X11-unix' if 'net none' is set diff --git a/etc/templates/redirect_alias-profile.template b/etc/templates/redirect_alias-profile.template index 02df1776f..0c7ba0b72 100644 --- a/etc/templates/redirect_alias-profile.template +++ b/etc/templates/redirect_alias-profile.template @@ -6,38 +6,39 @@ include PROFILE.local # Persistent global definitions # added by included profile #include globals.local -#NOTE: let include globals.local commented, except redirecting to a -common.profile +#NOTE: keep include globals.local commented, except when redirecting to a *-common.profile -# For more informations see profile.template +# For more information, see profile.template -# Ignore something that is in the included profile +# Ignoring option(s) from the included profile #ignore net none #ignore private-bin #ignore seccomp #... -# Additional noblacklisting (if needed) +# Additional noblacklisting (when needed) #noblacklist PATH -# Additional allow includes (if needed) +# Additional allow includes (when needed) -# Additional blacklisting (if needed) +# Additional blacklisting (when needed) #blacklist PATH -# Additional whitelisting (if needed) +# Additional whitelisting (when needed) +#NOTE: never use mkdir/mkfile when 'private' is set (see https://github.com/netblue30/firejail/issues/903) #mkdir PATH ##mkfile PATH #whitelist PATH -# Additional options (if needed) +# Additional options (when needed) -# Additional private-options (if needed) -# Add programs to private-bin (if needed) +# Additional private-options (when needed) +# Add programs to private-bin (when needed) #private-bin PROGRAMS -# Add files to private-etc (if needed) +# Add files to private-etc (when needed) #private-etc FILES -# Additional special options (if needed) +# Additional special options (when needed) # Redirect include PROFILE.profile -- cgit v1.2.3-54-g00ecf